CVE-2022-40010
MEDIUMTenda AC6 AC1200 15.03.06.50_multi - Cross-Site Scripting via Parental Control DeviceId Parameter
Title source: llmDescription
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/173029/Tenda-AC6-AC1200-15.03.06.50_multi-Cross-Site-Scripting.html
Scores
CVSS v3
5.4
EPSS
0.0009
EPSS Percentile
25.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
tenda/ac6_firmware
15.03.06.50_multi
Published
Jun 26, 2023
Tracked Since
Feb 18, 2026